CtrlK
BlogDocsLog inGet started
Tessl Logo

encrypting-and-decrypting-data

This skill enables Claude to encrypt and decrypt data using various algorithms provided by the encryption-tool plugin. It should be used when the user requests to "encrypt data", "decrypt a file", "generate an encrypted file", or needs to secure sensitive information. This skill supports various encryption methods and ensures data confidentiality. It is triggered by requests related to data encryption, decryption, or general data security needs.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill encrypting-and-decrypting-data
What are skills?

92

1.01x

Quality

55%

Does it follow best practices?

Impact

96%

1.01x

Average score across 12 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/encryption-tool/skills/encryption-tool/SKILL.md
SKILL.md
Review
Evals

Evaluation results

100%

Secure Configuration Backup

File naming and key management

Criteria
Without context
With context

.enc extension for db.conf

100%

100%

.enc extension for api_keys.conf

100%

100%

No hardcoded key in script

100%

100%

Key via env var or argument

100%

100%

Strong algorithm used

100%

100%

README key instructions

100%

100%

Both files encrypted

100%

100%

Output path documented

100%

100%

No key in README

100%

100%

Algorithm documented

100%

100%

Without context: $0.2374 · 3m 23s · 16 turns · 15 in / 3,451 out tokens

With context: $0.5797 · 7m 16s · 35 turns · 251 in / 6,815 out tokens

79%

-3%

Tamper-Evident Log Archiver

Data integrity verification

Criteria
Without context
With context

Integrity mechanism present

100%

100%

Integrity check on decrypt

100%

100%

Tamper detection raises error

100%

100%

Integrity embedded in payload

100%

100%

Strong algorithm selected

100%

100%

.enc extension on archive

0%

0%

Design doc explains integrity

100%

100%

Demo runs end-to-end

100%

100%

No key hardcoded

37%

0%

Algorithm matches sensitivity

40%

40%

Without context: $0.5812 · 6m 6s · 27 turns · 29 in / 10,550 out tokens

With context: $0.5400 · 6m 37s · 29 turns · 59 in / 7,520 out tokens

100%

2%

Recovering Encrypted Project Backup

Decryption workflow and file naming

Criteria
Without context
With context

Removes .enc for pipeline.yml

100%

100%

Removes .enc for deploy_config.json

100%

100%

Removes .enc for secrets.env

100%

100%

No hardcoded passphrase

100%

100%

Passphrase via env or arg

100%

100%

Handles all .enc files

100%

100%

Recovery manifest written

100%

100%

Identifies decryption operation

100%

100%

Manifest has correct mappings

66%

100%

Skips non-enc files

100%

100%

Without context: $0.4132 · 4m 55s · 26 turns · 24 in / 5,879 out tokens

With context: $0.7614 · 8m 53s · 38 turns · 117 in / 10,653 out tokens

100%

Secure Employee Records Encryption

Default algorithm selection

Criteria
Without context
With context

Secure default algorithm

100%

100%

No algorithm in task hint

100%

100%

Justification documented

100%

100%

.enc output extension

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

100%

100%

All input files encrypted

100%

100%

Encryption operation identified

100%

100%

Key storage guidance

100%

100%

Reproducible decrypt path

100%

100%

Without context: $0.4764 · 4m 45s · 28 turns · 27 in / 6,480 out tokens

With context: $0.5713 · 6m 46s · 36 turns · 737 in / 7,693 out tokens

97%

Patient Health Record Protection

Compliance-based algorithm selection

Criteria
Without context
With context

Compliance-appropriate algorithm

100%

100%

Algorithm rationale documented

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

100%

100%

.enc output extension

100%

100%

Sensitivity classification

100%

100%

Compliance framework mentioned

100%

100%

All records encrypted

100%

100%

Key management guidance

100%

100%

Decrypt instructions present

57%

57%

Without context: $0.4827 · 5m 6s · 29 turns · 69 in / 7,237 out tokens

With context: $0.5920 · 3m 36s · 36 turns · 332 in / 7,907 out tokens

96%

Automated Sales Data Processing Pipeline

Encryption in automated pipeline

Criteria
Without context
With context

Encrypt step present

100%

100%

Decrypt step present

100%

100%

Operations correctly identified

100%

100%

.enc extension on encrypted files

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

100%

100%

Strong algorithm used

100%

100%

Pipeline log or summary

100%

100%

Automation script runnable

100%

100%

Decrypted output restored

50%

50%

Key storage note

100%

100%

Without context: $0.2805 · 4m 10s · 14 turns · 15 in / 4,746 out tokens

With context: $0.7338 · 7m 34s · 34 turns · 475 in / 10,494 out tokens

100%

5%

Secure Secrets Delivery for a Remote Contractor

Asymmetric algorithm selection and output mode

Criteria
Without context
With context

RSA algorithm used

100%

100%

.enc output extension

100%

100%

Public key loaded from file

100%

100%

No private key hardcoded

100%

100%

Decryption script accepts key externally

100%

100%

Encrypt operates on secrets.json

100%

100%

Decrypt reverses encryption

100%

100%

README key instructions

100%

100%

Key storage guidance

50%

100%

Algorithm identified in docs

100%

100%

Without context: $0.5429 · 7m 19s · 30 turns · 30 in / 7,962 out tokens

With context: $0.7695 · 8m 15s · 40 turns · 304 in / 9,768 out tokens

100%

Environment Variable Encryption Utility

Console output vs file output for encrypted data

Criteria
Without context
With context

Encrypted output to stdout

100%

100%

Decrypted output to stdout

100%

100%

Secure default algorithm

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

100%

100%

Demo does not hardcode key

100%

100%

Demo encrypt then decrypt

100%

100%

README usage examples

100%

100%

Separate encrypt and decrypt modes

100%

100%

Key storage note in README

100%

100%

Without context: $0.2793 · 4m 43s · 20 turns · 20 in / 4,375 out tokens

With context: $0.6989 · 3m 15s · 36 turns · 273 in / 10,074 out tokens

100%

Encrypted Config Compliance Audit

Security audit integration with encryption verification

Criteria
Without context
With context

DES flagged as non-compliant

100%

100%

AES entries marked compliant

100%

100%

Tampered file detected

100%

100%

Integrity check per file

100%

100%

Algorithm identified per file

100%

100%

Compliance status per file

100%

100%

All four files reported

100%

100%

README explains integrity method

100%

100%

README compliance criteria

100%

100%

Report is valid JSON

100%

100%

Without context: $0.3555 · 3m 58s · 18 turns · 19 in / 6,542 out tokens

With context: $0.6050 · 7m 43s · 28 turns · 173 in / 9,453 out tokens

96%

6%

PII Protection for Customer Records Export

Field-level selective encryption

Criteria
Without context
With context

Only sensitive fields encrypted

100%

100%

Encrypted field values present

100%

100%

Strong algorithm used

100%

100%

Integrity mechanism present

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

100%

100%

.enc extension on output file

60%

100%

Decrypt script or function

100%

100%

Algorithm rationale documented

50%

50%

All PII fields processed

100%

100%

Key management note

66%

100%

Without context: $0.3253 · 3m 57s · 21 turns · 21 in / 5,043 out tokens

With context: $0.6563 · 4m 30s · 36 turns · 287 in / 8,197 out tokens

89%

3%

Secure Document Package for External Auditor

Encrypted package for secure sharing

Criteria
Without context
With context

Operation identified as encryption

100%

100%

.enc extension on output

100%

100%

Strong algorithm used

100%

100%

Algorithm chosen for sensitivity

40%

70%

Key generation script or instructions

100%

100%

Key not hardcoded

100%

100%

Key via env or argument

0%

0%

Decrypt instructions in README

100%

100%

Key sharing guidance

100%

100%

Integrity protection present

100%

100%

All files in package encrypted

100%

100%

Without context: $0.3429 · 4m 12s · 22 turns · 21 in / 5,578 out tokens

With context: $0.6431 · 6m 40s · 37 turns · 76 in / 7,532 out tokens

100%

Encryption Key Rotation for Configuration Archive

Key rotation and re-encryption

Criteria
Without context
With context

Decrypt with old key

100%

100%

Re-encrypt with new key

100%

100%

Operations correctly identified

100%

100%

.enc extension on output files

100%

100%

Old key not hardcoded

100%

100%

New key not hardcoded

100%

100%

Keys via env or arguments

100%

100%

Strong algorithm used

100%

100%

README rotation instructions

100%

100%

Rotation log or summary

100%

100%

Original .enc files handled

100%

100%

Without context: $0.5654 · 6m 11s · 27 turns · 69 in / 8,586 out tokens

With context: $0.6831 · 4m 26s · 33 turns · 64 in / 9,892 out tokens

Evaluated
Agent
Claude Code
Model
Claude Sonnet 4.6

Table of Contents

Secure Configuration BackupTamper-Evident Log ArchiverRecovering Encrypted Project BackupSecure Employee Records EncryptionPatient Health Record ProtectionAutomated Sales Data Processing PipelineSecure Secrets Delivery for a Remote ContractorEnvironment Variable Encryption UtilityEncrypted Config Compliance AuditPII Protection for Customer Records ExportSecure Document Package for External AuditorEncryption Key Rotation for Configuration Archive

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.

Claim skill